Refactor Diagnostics Index to use MediatR query pattern

[Copilot]

The Diagnostics/Index page model contained inline business logic (IP loopback check, authentication, claims extraction) rather than delegating through MediatR as every other page in the service does.

Changes

• OidcCommands — added DiagnosticsQuery(HttpContext)
• OidcResults — added DiagnosticsQueryResult discriminated union (DiagnosticsPageResult, DiagnosticsNotFoundResult, DiagnosticsChallengeResult) and moved DiagnosticItem here from the page model
• DiagnosticsRequestHandler (new) — handles DiagnosticsQuery; owns all logic previously inlined in the page: loopback guard, AuthenticateAsync, claims/properties projection
• Pages/Diagnostics/Index.cshtml.cs — now injects only IMediator, sends the query, and pattern-matches the result to an IActionResult

// Before: logic sprawled directly in OnGetAsync
var result = await this.HttpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
this.Claims = result.Principal.Claims.Select(...).ToArray();

// After: page model is a thin dispatcher
var result = await this._mediator.Send(new OidcCommands.DiagnosticsQuery(this.HttpContext), cancellationToken);
return result.Data switch
{
    DiagnosticsNotFoundResult       => this.NotFound(),
    DiagnosticsChallengeResult c    => this.Challenge(c.AuthenticationScheme),
    DiagnosticsPageResult page      => this.ApplyPageResult(page),
    _                               => this.Page()
};

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• f.feedz.io
  • Triggering command: /usr/bin/dotnet dotnet build SecurityService.slnx --configuration Release -main/dist/indexcredential.helper (dns block)
  • Triggering command: /opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/csharp/tools/linux64/Semmle.Autobuild.CSharp /opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/csharp/tools/linux64/Semmle.Autobuild.CSharp (dns block)
  • Triggering command: /usr/bin/dotnet dotnet restore --no-dependencies /home/REDACTED/work/SecurityService/SecurityService/SecurityService.slnx --packages /tmp/codeql-scratch-89cd281515db216c/dbs/csharp/working/packages /p:DisableImplicitNuGetFallbackFolder=true --verbosity normal /p:TargetFrameworkRootPath=/tmp/codeql-scratch-89cd281515db216c/dbs/csharp/working/emptyFakeDotnetRoot /p:NetCoreTargetingPackRoot=/tmp/codeql-scratch-89cd281515db216c/dbs/csharp/working/emptyFakeDotnetRoot /p:AllowMissingPrunePackageData=true (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 3 complexity · 0 duplication

Metric	Results
Complexity	3
Duplication	0

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}